2 — Basic Pre-Installation Procedures

[Previous] [Next] [Contents] [Index]

This chapter describes how to prepare your site for NetCrusader/Web. It contains the following sections:

2.1 Preparing Servers
2.2 Locating the License File
2.3 Saving Customized Files from Previous Versions
2.4 Using Certificates
2.5 Enabling SSL

NOTE: For best results, do not start installation until you have reviewed this chapter thoroughly.

2.1 Preparing Servers

This section contains procedures for pre-installation tasks you must perform before installing the NetCrusader/Web Security Adapter.

NOTE: If you verify that each component — for example, web server, web browser, server certificates, client certificates — works before continuing to install another component, troubleshooting problems later on becomes much easier.

1. Verify that the server you want to use is one of the supported web servers listed in Chapter 1.

2. If not already installed, install and configure the web server as described in the documentation accompanying it.

3. Use a web browser to verify that you can access the documents on the web server. Do not continue with the next section until you can.

1. Launch the Microsoft Internet Service Manager.

2. Expand the Internet Information Server folder.

3. Select the node representing the web host and edit the properties.

4. On the Master Property sheet for the WWW Service, select the Directory Security tab.

5. Under Anonymous Access and Authentication Control:

   Enable:

   • Allow Anonymous Access.
     

     Disable:

   • Windows NT Challenge/Response
     
   • Basic Authentication
     

This configuration does not expose the Web server; NetCrusader/Web provides access control.

2.2 Locating the License File

NetCrusader/Web requires a license file for configuration. The license file is provided on a separate diskette shipped with the NetCrusader/Web product. If you are evaluating NetCrusader/Web, you also have a license, but this license will expire. If you cannot locate your license, contact Entegrity Technical Support or your reseller.

The first time you run the Security Adapter Configuration Wizard, you are prompted for the location of the license file

2.3 Saving Customized Files from Previous Versions

If you have installed a previous version of NetCrusader/Web and customized any files (for example, HTML templates, sample programs, and so on), back them up before you install the current revision. If not, these files will be overwritten by the installation procedure.

If you have modified Access Control Lists (ACLs) for the Web server, back up the netc_authz subdirectory of the NetCrusader/Web installation directory.

NOTE: NetCrusader/Web 4.0 uses .INI files to store configuration information. Previous versions used a different mechanism. If you have configuration data that needs to be migrated to 4.0, contact Entegrity Technical Support.

2.4 Using Certificates

A certificate is a digital document that attests to the identity of an entity. Certificates can be stored on the browser or web server. Certificates on the browser are also referred to as client certificates or personal certificates. Certificates on the web server are referred to as server certificates or web site certificates. You can obtain long-term certificates for regular use or certificates for test purposes that expire after a relatively short period of time.

You must obtain and install a server certificate before using NetCrusader/Web unless you are using only the custom Distinguished Name (DN) mapping feature. (For more information on the custom DN mapping feature, see the online help for the Security Adapter configuration wizard.)

You may obtain certificates from a valid Certification Authority (CA) . Companies such as VeriSign, AT&T, and the United States Postal Service provide CA services. Alternatively, you may generate your own certificates if you have certificate-generating software (for example, the Microsoft Certificate Server).

The following sections give a brief overview of obtaining certificates.

2.4.1 Server Certificates

To use SSL, on the web server you must install a server certificate and enable encrypted connections from web browsers. This enables the web server to authenticate itself to the web browser. The procedure for installing the certificate depends on the type of server.

Procedures may vary, but the following overview illustrates what is involved.

1. Using your web server software, you generate a key pair. A key pair file contains both the public and private keys used for SSL encryption. See the documentation accompanying your web server for information on generating a key pair.

2. Apply for the certificate. The actual registration procedure varies from one CA to another, and a single CA may provide different levels of certification associated with more or less rigorous identification procedures. The certificate application requirements for servers include documentation of the identity of the applying organization.

3. When you receive the certificate, install it in the web server. For instructions on installing certificates on servers, see Section 2.4.4.

If you are using client certificates to authenticate users, you need a certificate for each user. You apply for a client certificate by presenting the user's public key to a CA along with documentation attesting to the person's identity. For example, a CA may require a birth certificate as part of the application.

NOTE: For test purposes or for use within closed (internal) systems, you may generate your own client certificates.

When you receive the client certificate, you must install it in the user's browser. For instructions on installing certificates in browsers, see Section 2.4.5.

You must configure the web server to accept and/or require certificates for the object or objects you want to protect. Refer to the web server documentation for more information.

The web server must trust the issuer of the client certificate. If not, you cannot select that certificate when challenged by the server; the certificate will not be visible. For more information, consult the documentation or online help for your web server.

To enable NetCrusader/Web to authenticate users with certificates, use Commander to set the X.500 name attribute for each user. For more information, see the online help for Commander.

2.4.3 Test Certificates

Some Certificate Authorities offer free, limited-time certificates expressly for test purposes. For example, you may be able to obtain a certificate valid for only two weeks while you test a proposed system. The test certificate should not be used in a production environment and may require that you install a test CA certificate in the browser with which you are testing your product. The application process for a test certificate may differ from the application for a permanent certificate.

At this writing, Verisign (http://www.verisign.com) and Entrust (http://www.entrust.com) offer temporary certificates that you can use for testing. Refer to their web sites for details.

2.4.4 Installing and Configuring Certificates on Servers

Consult your web server documentation for information on installing and configuring certificates on servers. On some servers, this process is also referred to as establishing trust for CAs.

2.4.5 Installing and Configuring Certificates in Browsers

Consult your browser documentation for information on installing and configuring certificates on browsers.

2.5 Enabling SSL

After you have obtained and installed a certificate for each web server whose communications you want to protect with SSL, configure the web server to support SSL. Consult the online help or documentation for the web server for details.

[Previous] [Next] [Contents] [Index]

To make comments or ask for help, contact support@entegrity.com.

Copyright © 2000-2001 Entegrity Solutions Corporation & its subsidiaries